Enabling/Disabling HA Only Mode

By default, the client lists both physical slots and virtual HA slots. Directing applications at the physical slots bypasses the high availability and load balancing functionality. An application must be directed at the virtual HA slot to use HA load balancing and redundancy. HA Only mode hides the physical slots and leaves only the HA group slots visible to applications, simplifying the PKCS#11 slot numbering (see Slot Numbering and Behavior).

If an HA group member partition fails and is recovered, all visible slot numbers can change, including the HA group virtual slots. This can cause applications to direct operations to the wrong slot. If a physical slot in the HA group receives a direct request, the results will not be replicated on the other partitions in the group (see HA Troubleshooting) When HA Only mode is enabled, the HA virtual slots are not affected by partition slot changes. Thales recommends enabling HA Only mode on all clients running HA groups.

NOTE   Individual partition slots are still visible in LunaCM when HA Only mode is enabled. They are hidden only from client applications. Use CKdemo (Option 11) to see the slot numbers to use with client applications.

To enable HA Only mode

1.Enable HA Only mode in LunaCM.

lunacm:> hagroup haonly -enable

2.[Optional] Since LunaCM still displays the partitions, you can check the status of HA Only mode at any time.

lunacm:> hagroup haonly -show

To disable HA Only mode

1.Disable HA Only mode in LunaCM.

lunacm:> hagroup haonly -disable


Customer Support Portal

SafeNet Luna PCIe HSM 7.4 Product Documentation  13 December 2019  Copyright 2001-2019 Thales. All rights reserved.